Security Warning for cnPilot routers with remote access

I have forwarded this to the security team at Cambium, but just so as many people as possible know about it: There is a vulnerability that allows lower privileged users (user and useradmin) to download the config file (which includes unencrypted passwords for all accounts and settings). All the user has to do is log into the router and browse to the path that initiates the config file download (omitted for security as this is a public forum). This has been reproduced on R200 routers running firmware 4.3.4-R8. I have yet to test other Cambium routers at this time.

If you are enabling remote access to your routers, please ensure that you are changing the password for ALL of the accounts by going to the Administration tab and changing the password for each "User Type" listed in the drop down.

You should also consider limiting remote access to specific IP addresses by changing the "Allowed Remote IP" box in the Administration->Management Settings->Web Access section.

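A small post-hardening check, added here as an illustration and not part of the original post or of any Cambium tooling: after populating the "Allowed Remote IP" box, confirm from a host that is NOT on that list that the router's web UI no longer accepts connections, and from an allowed host that it still does. The router addresses, the HTTPS port, and the stub connectors are assumptions for the example; the check only tests TCP reachability of the management port, it does not attempt to log in or fetch anything.

```python
"""Verify "Allowed Remote IP" took effect on a set of cnPilot routers.

Run this once from a host that is on the allow list (expect_allowed=True)
and once from a host that is not (expect_allowed=False). Any router whose
observed reachability differs from the expectation is flagged.
Added example; addresses, port and connector stubs are assumptions.
"""
import socket
from typing import Callable, Dict, Iterable


def web_ui_reachable(host: str, port: int = 443, timeout: float = 3.0,
                     connect: Callable[..., socket.socket] = socket.create_connection) -> bool:
    """Return True if a TCP connection to host:port succeeds within timeout.

    A refused or timed-out connection (both are OSError subclasses) means the
    management port is closed or filtered for this source address, which is
    what we want to see from a host outside the allow list.
    """
    try:
        sock = connect((host, port), timeout=timeout)
    except OSError:
        return False
    sock.close()
    return True


def audit_remote_access(routers: Iterable[str], expect_allowed: bool,
                        **probe_kwargs) -> Dict[str, bool]:
    """Probe each router; map host -> True when observed reachability matches
    the expectation for the vantage point this script is run from."""
    results: Dict[str, bool] = {}
    for host in routers:
        observed = web_ui_reachable(host, **probe_kwargs)
        results[host] = (observed == expect_allowed)
    return results


if __name__ == "__main__":
    # Constructed list of router addresses (documentation range, not real hosts).
    ROUTERS = ["192.0.2.10", "192.0.2.11"]
    # Set this according to whether the host you run from is on the allow list.
    I_AM_ON_ALLOW_LIST = False
    for host, ok in audit_remote_access(ROUTERS, expect_allowed=I_AM_ON_ALLOW_LIST).items():
        print(f"{host}: {'OK' if ok else 'MISMATCH - check Allowed Remote IP on this router'}")
```

Run it from both vantage points; a router that is still reachable from a non-allowed address has either an empty allow list or a rule that does not match the way your traffic actually reaches the device (for example NAT in front of the router), and should be rechecked.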